As of November 1st, 2018, changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) have gone into effect.
Under the Digital Privacy Act, every organization that collects, uses and discloses personal information in Canada (with a few exceptions) will be required to:
- Notify affected individuals about privacy breaches.
- Report privacy breaches to the Office of the Privacy Commissioner of Canada.
- Keep and maintain internal records of every breach of safeguards involving personal information under their control.
If privacy breaches go unreported, they could incur fines of up to $100,000 for each time, if the federal government decides to prosecute a case.
Here are three case studies of recent data breaches. These case studies will have you questioning your own resources dedicated to data protection and help you to understand the importance of data security.
Financial information is not always the goal of a hacker. Patient and employee information are big concerns as well (as seen in the three examples below).
The town of Midland became the victim of a sophisticated cyber attack in which the Town’s network was illegally accessed and affected with ransomware.
The Town of Wasaga Beach paid nearly $35,000 to cybercriminals in order to regain access to the town’s servers, which had been held ransom for seven weeks.
Thousands of patient records held for ransom in Ontario home care data breach, attackers claim.
Here is a link to some research done by the Canadian Internet Registration Authority which outlines their findings on Internet Security.
Canadian Internet Registration Authority – 2018
Here are some additional articles for more information about these privacy updates:
– Office of the Privacy Commissioner of Canada
Additionally, if you’re concerned about the amount of responsibility that you’re taking on with your own business, you can invest in Cyber Liability Insurance through Fenn & Fenn Insurance to help protect yourself and your customers.
